Skip Links

Network World

Brad Reese

How does Cisco IronPort prevent Directory Harvest Attacks (DHA)?

By Brad Reese on Mon, 02/02/09 - 1:55pm.

How a Directory Harvest Attack Works

Below, Tom Topping - director of federal operations for Cisco IronPort gives his take on how IronPort prevents Directory Harvest Attacks (from a Q&A featured on the Cisco NetPro Forum).

How does the IronPort prevent Directory Harvest Attacks?

Tom ToppingDirectories are harvested when a sender delivers thousands of common email recipient addresses to a domain; for example asmith@, bsmith@, csmith@, ajones@....... The attacker is seeking to understand which addresses DO NOT generate an Invalid Recipient Bounce. By knowing which addresses do not bounce the attacker knows which addresses are valid for that domain. Therefore in order to stop these attacks the IronPort does two things:

1. It validates the recipient email address, via an LDAP query, during the SMTP Conversation.
2. It counts the number of invalid recipients from each sender and stops responding after a configurable number of invalid recipients during each hour.

More questions and answers...

Does the IronPort Email Security Appliance support Authentication Mechanisms such as Domain Keys?

Yes, the IronPort Email Security Appliance authenticates received messages that are signed with SIDF, Domain Keys and DKIM. The appliances also can sign outbound messages with DKIM and Domain Keys.

How many real emails does the IronPort misclassify and stick into the Spam Bucket?

IronPort's advertised False Positive Rate is "Less Than One In One Million", IronPort customer actually experience far fewer False Positives than that. Effectively, the typical end-user behind an IronPort never experiences a false positive.

Does the IronPort Anti-Spam system have Centralized Management so that a change can be made to one systems and that change get propagated to the others?

Yes, the system does support Centralized Management. This is implemented on-system, without the need for an additional Centralized-Management appliance.

How many interfaces do the IronPort C-Series systems have?

The IronPort C160 has two network interfaces (copper 10/100/1000).
The IronPort C360, C660, X1060 all have three network interfaces (copper 10/100/1000).
The X1060 has a 4 x gigabit fiber option.

Read more about Directory Harvest Attacks.

View more info on the Cisco spam and virus blocker.

What's your take on how to prevent Directory Harvest Attacks?

Brad Reese
BradReese.Com Cisco Refurbished
Brad's Favorite Story Picks

  1. Used Cisco equals gypsies at a flea market
  2. Are these the real reasons for the fall of Nortel?
  3. Could Cisco EnergyWise kill the thriving secondary-market for Cisco equipment?
  4. Cisco to release new February 2009 edition of its famous product quick reference guide!
  5. HP ProCurve wrestles Cisco with new tag teams
  6. Cisco distributor says customers demanding HP ProCurve
  7. Nortel chief flying in corporate jet as company files for bankruptcy protection
  8. Padmasree Warrior as Obama choice for U.S. CTO: Huge win for Cisco, total disaster for America!
  9. Nortel employee severance payments frozen by bankruptcy
  10. Nortel employees speak out: Hopes of becoming multimillionaires dashed
  11. View Brad Reese on Cisco Story Archives

Cisco Repair

Refurbished Cisco

Cisco Power Supplies

New Cisco Equipment

True...

0
By Anon (not verified) on Mon, 02/02/2009 - 3:41pm.

We use Ironports and I can say without a doubt it is the best spam-protection i have ever used/seen, and I have seen most major vendors. The SenderBase Reputation Service works wonders! :)))

Appriciation

0
By Adam (not verified) on Mon, 05/25/2009 - 8:11am.

This is a wonderful opinion. The things mentioned are unanimous and needs to be appreciated by everyone. The above thought is smart and doesn’t require any further addition. It’s perfect thought from my side.
Adam
lawyer directory

Answer

0
By Sean (not verified) on Wed, 05/13/2009 - 11:45pm.

Well, it shocking and considered necessary and immediate attention to short out at the earlier.
-------------
Sean Cruz
Lawyer Directory

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Post new comment

The content of this field is kept private and will not be shown publicly.
  • You can use BBCode tags in the text.
  • Lines and paragraphs break automatically.
  • Allowed HTML tags: <p> <strong> <i> <br /> <br> <ul> <ol> <li> <dl> <dt> <dd> <blockquote>

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
Welcome, visitor. Register Log in
About Brad Reese on Cisco

Brad Reese cofounded BradReese.Com Cisco Refurbished, which enables affordable networks globally by assuring customer satisfaction with guaranteed one year warranties on both Cisco Repair as well as Refurbished Cisco.

Don't be shy, contact Brad Reese online or call him Toll Free:

866-864-0506

International callers may wish to call Brad by dialing:

850-364-4115

Archives
November 2009
October 2009
September 2009
August 2009
July 2009
June 2009
May 2009
April 2009
March 2009
February 2009
January 2009
December 2008
November 2008
October 2008
September 2008
August 2008
July 2008
June 2008
May 2008
April 2008
March 2008
February 2008
January 2008
December 2007
November 2007
October 2007
September 2007
August 2007
July 2007
June 2007
May 2007
April 2007
March 2007
February 2007
January 2007
Categories
A classic scam to defraud Cisco's SMARTnet program
America's Best profile written by Useem regarding Chambers' success
Avian Securities Senior Telecom Research Analyst - Catharine Trebnick
Breakingviews.com correspondent - Robert Cyran
CCIE
Careers
Charlie Giancarlo - Managing Director of Silver Lake Partners and Skype investor
Cisco
Cisco ASR 9000 architecture
Cisco ISR G2 Module Support
Cisco Integrated Services Router Generation 2 (ISR G2) Model Comparison
Cisco Integrated Services Routers Generation 2 Portfolio
Cisco Unified Communications Support for Microsoft Windows 7
Cisco is pushing their ASR 9000 at very competitive prices
Cisco is warning Unified Communications customers about NOT successfully offering support for Microsoft Windows 7
Cisco technical star Jonathan Rosenberg
Cisco will have no liability for any delay in delivery
Data Center
Douglas Smith - Cofounder and President of Network Instruments
Expand visibility of NetFlow-dependent NBAD and compliance applications
GigaStor captures and converts packets in NetFlow data flows
Index Venture partner Danny Rimer
Jonathan Rosenberg - a Cisco Fellow in Cisco's Voice Technology Group
Juniper MX960 lab test results
LANs / WANs
Mark Roberts - Polycom vice president of partner marketing
Michael Useem - Professor of Management
Microsoft
NetFlow
NetFlow add-ons
NetFlow overhead can overtax infrastructure
Network Behavior Anomaly Detection (NBAD)
Network Management
Non-NetFlow capable devices are blind to local traffic
Produce NetFlow about any device
SMB
Security
Selection committee member for America's Best Leaders
September 2009 vs. October 2009 Worldwide CCIE Count Comparison
Silver Lake Managing Director - Egon Durban
Skype's cofounders Niklas Zennstrom and Janus Friis
Software
The Charlie angle is to keep Dave Roux on track
The new Cisco ISR G2 portfolio is priced as follows
VoIP / Convergence
What are the benefits of GigaStor NetFlow Agent?
What’s new on the Cisco ISR G2 models vs. the old ISR models?
Windows 7
Windows 7 just not worth an all-out urgent effort by Cisco to support
Wireless / Mobile
eBay CEO - John Donahoe
sFlow
sFlow and NetFlow provides extended visibility
On The Web
Twitter